软件安全代写 | COMP SCI 4412 Secure Software Engineering
The list of tasks for assignment 1
1. Study about Cross-site scripting (XSS) and Cross-site Request Forgery (CSRF)
vulnerabilities on Common Weakness Enumeration and related websites. You DO NOT
have to submit this part.
2. Identify 3 source code files in open-source GitHub repositories. Each type of
vulnerability must have at least one source code file. The projects must satisfy the
● The repository has more 100 stars and 10 contributors on GitHub
3. Include the following artifacts about each file you have found in the report:
● Link to the file
● Link to the commit that fixes the vulnerable file
● Name of the file
● The programming language used in the file
● Name of the repository
● Number of repository stars
● Number of contributors in the repositories
● Type of vulnerability (CWE)
4. Pinpoint the code lines within the source code files you have identified that contain
the vulnerabilities you found.
5. Also enter the information you have found in tasks 3 and 4 into the Google Sheet
(Assignment 1 Part 1) along with your name and student ID to avoid duplicate
6. Explain how the vulnerable lines correlate to the definition or causes of the
vulnerability you have studied
7. Show how to fix the vulnerability and explain in detail. It is not mandatory that the fix
has to be executable, but the explanation must be reasonable. If there is already a fix
available, explain how this fix complies with the standard mitigation techniques for
8. Write your findings in the report.
9. Please visit the Google Sheet (Assignment 1 Part 1) to input your identified vulnerable
source code files as soon as possible after you find them. You can do the analyses and
put your findings in the report later (but still before the deadline). The student who
submits earlier will claim the authorship of the source code file and the later ones
must choose a different file to work on. In case you accidentally select the same source
code file, there will be a red flag to notify you.